AMENDMENTS TO THE CLAIMS 



(Currently amended) A method for applying a quality of service to an encrypted packet 
comprising: 

examining an encrypted packet; 

determining whether an identifier associated with the quality of service is present in the 

encrypted packet; 

if it is determined in response to determining that the identifier is present in the encrypted 
packet, applying the associated quality of service to the encrypted packet. 

(Currently amended) The method of claim 1, further comprising the steps of: 
before the examining: 

encrypting the packet, wherein said step of encryption includes establishing said 
identifier in the packet. 

(Original) The method of claim 1, wherein said identifier is based on at least on an 
Internet Key Exchange (IKE) ID stored in the packet. 

(Original) The method of claim 3, wherein the Intemet Key Exchange (IKE) ID 
comprises one or more of ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, 
ID_IPV4_ADDR_SUBNET, ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID_IPV4_ADDR_RANGE, ID_IPV6_ADDR_RANGE, ID_DER_ASN1_DN, 
ID_DER_ASN1_GN, and ID_KEY_ID. 

(Original) The method of claim 1, wherein the identifier is based on at least an entry 
in a security association database. 

(Currently amended) The method of claim 1, wherein said identifier maps to a_quality of 
service (QoS) group. 
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7. (Original) The method of claim 2, wherein the identifier is established in a profile of 
the packet. 



8. (Original) The method of claim 7, wherein the profile is an ISAKMP profile. 

9. (Original) The method of claim 2, further comprising a step of pre-classification of 

the packet prior to the step of encryption. 

10. (Currently amended) The method of claim 9, wherein the quality of service that is 
applied is selected based on both the identifier and pre-classification. 

1 1 . (Currently amended) A method for applying a quality of service to a packet comprising: 
encrypting the packet to create an encrypted packet; 

examining an identifier in the encrypted packet, wherein the identifier is based on an IKE 

ID of the encrypted packet; 
determining whether the identifier in the encrypted packet is associated with a quality of 

service to be applied to the encrypted packet; and 

if it is determined in response to detennining that the identifier is associated with a 

quality of service to be applied to the encrypted packet, applying the quality of 
service to the encrypted packet. 

12. (Currently amended) The method of claim 11, further comprising the step of: 
prior to the step of encrypting, pre-classifying the packet based on the contents of the 

packet; 

wherein the quality of service that is applied to the packet is selected partially based the 
step of pre-classification and partially based on the identifier. 

13. (Currently amended) The method of claim 11, further comprising the step of: 

during encryption, copying at least one bit into a header to identify a characteristic of the 
packet; 
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wherein the quality of service that is applied to the packet is selected partially based on a 
value of the at least one bit and partially based on the identifier. 

14. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 1. 

15. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 2. 

16. (Original) A computer-readable medium comprising one or more sequences of 
instmctions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 3. 

17. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 4. 

18. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 5. 

19. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 6. 

20. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 7. 
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21 . (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 8. 

22. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 9. 

23. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 10. 

24. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 11. 

25. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 12. 

26. (Original) A computer-readable medium comprising one or more sequences of 
instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim 13. 

27. (Currently amended) An apparatus for applying a quality of service to an encrypted 
packet comprising: 

means for examining an encrypted packet; 

means for determining whether an identifier associated with the quality of service is 
present in the encrypted packet; 
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meanSi responsive to the determining means, for applying the quality of service to the 
encrypted packet if it is determined that the identifier is present in the encrypted 
packet. 

28. (Currently amended) The apparatus of claim 27, further comprising means , operable 
before the examining means, for encrypting the packet, wherein the means for encryption 
includes means for establishing said identifier in the packet. 

29. (Original) The apparatus of claim 27, wherein said identifier is based on at least on 
an Internet Key Exchange (IKE) ID stored in the packet. 

30. (Original) The apparatus of claim 29, wherein the Internet Key Exchange (IKE) ID 

comprises one or more of ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, 
ID IPV4 ADDR SUBNET, ID IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID IPV4 ADDR RANGE. ID IPV6 ADDR_RANGE, ID_DER_ASN1_DN, 
ID_DER_ASN1_GN, and ID_KEY_ID. 

3 1 . (Original) The apparatus of claim 27, wherein the identifier is based on at least an 
entry in a security association database. 

32. (Currently amended) The apparatus of claim 27, wherein said identifier maps to a_quality 
of service (QoS) group. 

33. -36. (Canceled) 

37. (Currently amended) An apparatus for applying a quality of service to an encrypted 
packet comprising: 

one or more processors; 

memory communicatively coupled to the one or more processors; 
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one or more sequences of instructions in the memory for applying a quality of service to 
an encrypted packet, which instructions, when executed by the one or more 
processors, cause the one or more processors to perform the steps of: 

examining an encrypted packet; 

determining whether an identifier associated with the quality of service is present in the 
encrypted packet; 

if it is determined in response to determining that the identifier is present in the encrypted 
packet, applying the quality of service to the encrypted packet. 

38. (Currently amended) The apparatus of claim 37, further comprising sequences of 
instructions for performing the steps of: 

before the examining: 

encrypting the packet, wherein said step of encryption includes establishing said 
identifier in the packet. 

39. (Original) The apparatus of claim 37, wherein said identifier is based on at least on 
an Internet Key Exchange (IKE) ID stored in the packet. 

40. (Original) The apparatus of claim 39, wherein the Internet Key Exchange (IKE) ID 
comprises one or more of ID_IPV4_ADDR, 1D_FQDN, 1D_USER_FQDN, 
ID_1PV4_ADDR_SUBNET, ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID_IPV4_ADDR_RANGE, ID_IPV6_ADDR_RANGE, ID_DER_ASN1_DN, 
ID_DER_ASN1_GN, and ID_KEY_ID. 

41 . (Original) The apparatus of claim 37, wherein the identifier is based on at least an 
entry in a security association database. 

42. (Currently amended) The apparatus of claim 37, wherein said identifier maps to a_quality 
of service (QoS) group. 
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43. (Original) The apparatus of claim 38, wherein the identifier is established in a profile 
of the packet. 

44. (Original) The apparatus of claim 43, wherein the profile is an ISAKMP profile. 

45. (Original) The apparatus of claim 38, further comprising a step of pre-classification 

of the packet prior to the step of encryption. 

46. (Currently amended) The apparatus of claim 45, wherein the quality of service that is 
applied is selected based on both the identifier and pre-classification. 

47. (New) The apparatus of claim 28, wherein the identifier is established in a profile of the 
packet. 

48. (New) The apparatus of claim 33, wherein the profile is an ISAKMP profile. 

49. (New) The apparatus of claim 28, further comprising means for pre-classification of the 
packet prior to the step of encryption. 

50. (New) The apparatus of claim 35, comprising means for selecting the quality of service 
that is applied based on both the identifier and pre-classification. 
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